Category archive: Juniper SA – MAG

Sometimes you would like to publish certain web resources, such as Microsoft ActiveSync or Exchange autodiscovery URLs, on the internet using different FQDNs and SSL certificates.

If you have a Juniper SA or MAG, you can do this without needing extra user licenses.

In this example I’m using the following Lab setup:

As you can see, I have a Juniper SA through which I would like to publish two resources on the internet: the normal Juniper SA portal access using the remote.engineers.com FQDN, and an ActiveSync synchronization URL using the pda.employees.com FQDN. Apart from that, I want both resources to use valid certificates. Note that a wildcard certificate is not an option in this scenario, as the two domain names differ (engineers.com vs. employees.com).
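The wildcard constraint above, and a check that each published FQDN is served a certificate that names it, as an added Python example (not part of the original post). The function names are hypothetical, and the live probe assumes the certificate chains to a CA the client trusts, so a self-signed certificate is reported as an error.

```python
import socket
import ssl
import sys

PUBLISHED = ["remote.engineers.com", "pda.employees.com"]  # FQDNs from this post


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(san_names, fqdns):
    """Return the published FQDNs that no name in the certificate covers."""
    return [f for f in fqdns if not any(name_matches(n, f) for n in san_names)]


def presented_names(address: str, sni: str, port: int = 443, timeout: float = 5.0):
    """Return the dNSName SANs of the certificate served at address:port."""
    ctx = ssl.create_default_context()
    # Chain validation stays on; the name check is done by uncovered().
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    print("wildcard leaves uncovered:", uncovered(["*.engineers.com"], PUBLISHED))
    # Live check: pass the FQDNs to probe as arguments (needs network access).
    for fqdn in sys.argv[1:]:
        try:
            names = presented_names(fqdn, fqdn)
            bad = uncovered(names, [fqdn])
            print(fqdn, "MISMATCH " + repr(names) if bad else "OK")
        except OSError as exc:  # covers DNS, TCP and TLS validation errors
            print(fqdn, "ERROR", exc)
```

Run it with the two FQDNs as arguments once both certificates are bound; the `address` parameter of `presented_names` can be set to a virtual port's IP to test before DNS is updated.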

To realize this setup, follow the steps below:

Log in to the admin portal of your Juniper SA or MAG

Browse to System -> Network -> Internal Port -> Virtual Ports

– Create a new virtual port using the beginning of the FQDN you would like the ActiveSync clients to connect to:

– Import a valid or self-signed certificate for the FQDN you would like ActiveSync clients to connect to

– In our case this is pda.employees.com

– Bind this certificate to the virtual port you created earlier

*Note that the remote.engineers.com certificate is already bound to the internal interface. If you would like to use a different certificate for this, follow step 5 and bind the certificate to the internal interface.

Browse to Users -> User Roles

– Create a new User Role with the following options set:

– Session Options

– UI Options

– Access features -> Web options

Browse to Authentication -> Signing In -> Sign-In Policies

– Create a new URL

– Specify it is for Authorization Only Access & enter the following information: